Trust certificates from your proxy server

Updated: September 12, 2023

Sometimes, the QNX Software Center won’t access the myQNX server, even after you’ve configured your proxy settings correctly. This issue may occur if your proxy server rewrites SSL certificates for secure HTTPS remote hosts, in which case the QNX Software Center won’t trust the certificate that returns from the proxy.

To determine if this issue is occurring, find the .qnx/swupdate/.metadata/.log file under your home directory, then look for an error about being unable to find a “valid certification path to the requested target”.

If you see this error, follow the steps below to make the QNX Software Center trust the certificate from your proxy server:

  1. In your installation of the QNX Software Center, look for the Java Runtime Environment (JRE) under the /features/com.qnx.tools.jre.version directory. In this directory, you’ll see keytool, the Java certificate management utility.
  2. From the command line, run keytool as follows:
    keytool.exe -J-Dhttps.proxyHost=proxy_hostname -J-Dhttps.proxyPort=proxy_port 
    -printcert -rfc -sslserver qnx.com:443

    where proxy_hostname and proxy_port are the hostname and port of your proxy server.

  3. The command may output several certificates. Copy the contents of the last certificate into a file and name the file proxy.pem. (The file should start with the BEGIN CERTIFICATE line and end with the END CERTIFICATE line.)
  4. You now need to import the certificate into the Java trust store that the QNX Software Center uses. Using a version of OpenSSL recommended by your IT department, convert the certificate to der format:
    openssl x509 -outform der -in proxy.pem -out proxy.der

    Next, import the certificate into the trust store, which is located in the cacerts directory. For instance, in Windows you would enter:

    keytool -import -alias proxykey 
    -keystore \features\com.qnx.tools.jre.win32.x86_64_1.8.121\jre1.8.0_121\libs\security\cacerts 
    -file proxy.der
    

    If the command asks for a password, enter changeit, which is the default Java trust store password.

Once the certificate is imported you should be able to use QNX Software Center with your proxy server. If you continue to encounter connection issues, see the QNX Software Center Technotes: http://www.qnx.com/qsc_technotes.